Sr Principal Secure SDLC Software Development Engineer
Regeneron Pharmaceuticals, Inc.
2024-11-05 18:42:44
Tarrytown, New York, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
We are looking for a Sr Principal Secure SDLC Software Development Engineer who will be responsible for the design, engineering, deployment, governance and level 3 support of the Regeneron Secure Software Development Life Cycle (SSDLC) framework, solutions, and services, aligning with the Cybersecurity by Design program, in a global environment.
As a Sr Principal Secure SDLC Software Development Engineer, a typical day may include the following:
Drive forward the development, enhancement, deployment, communication, and governance of the Regeneron SSDLC roadmap aligned with a comprehensive Cybersecurity by Design strategy.
Develop and enhance a reliable, scalable, and secure set of SSDLC solutions to efficiently meet business requirements while adhering to the NIST Cybersecurity Framework.
Drive a continuous improvement approach to securing the Regeneron SDLC program by defining and enforcing security requirements across the full software development life cycle. This includes the underlying software delivery pipeline, ensuring security is seamlessly and effectively integrated within.
Develop and operationalize strategies to continuously assess, identify, and mitigate vulnerabilities within the SSDLC ecosystem.
Develop and document the technical design for the integration and implementation of any new SSDLC software.
Partner with the Cybersecurity by Design Team, product development, and other key stakeholders to ensure secure design principles are embedded throughout the entire software development lifecycle.
Partner with software development teams in the architectural design of software solutions to ensure the implementation of secure design principles.
Collaborate with leadership on the yearly budget preparation and management of the SSDLC program.
Stay current on evolving security threats and trends, recommending proactive measures to maintain a secure SSDLC framework.
Collaborate on the development and delivery of software security awareness training programs.
Collaborate with the Operations Team to continuously ensure defined SSDLC technologies are effective and efficient in practice.
Provide Level 3 support for SSDLC related and security incidents.
Collaborate with vendors to drive solution optimization and business value.
Define and manage against SSDLC SLAs, utilizing KPIs to provide monthly reporting on the efficacy of SSDLC management tools.
This may be the right role for you if you:
Continuously identify opportunities for improving processes and solutions, including the consolidation of similar security needs.
Collaborate with the team to implement technical best practices, policies, and procedures.
Have the ability to lead training initiatives, demonstrating a capacity to educate teams.
Have excellent problem-solving skills and attention to detail.
Have excellent verbal and written communication skills and the ability to interact effectively with all personnel, from application developers to the CIO; can work autonomously and in groups; and are highly organized and deadline-oriented, with a continuous-improvement mindset.
Have the ability to develop and maintain highly effective relationships and influence others to achieve goals.
Have the ability to lead projects and mentor team members.
To be considered for this role, you must have a BA/BS degree in Computer Science, Computer Information Systems, or related technical field as well as 8+ years of experience with SSDLC capabilities in a global environment. Strong experience in the use of SSDLC solutions to secure data within an enterprise. Strong end-to-end knowledge in the design, engineering, and operation of a comprehensive SSDLC solution set. Experience designing and providing highly available and reliable SSDLC software and processes capable of 24x7 business operations. Solid level of competence with SAST, SCA, DAST, Jenkins, Groovy, Python, Java, JavaScript, Ruby, R, Kubernetes, AWS, Terraform, CFT. Strong working knowledge of Information Security processes, practices, and solutions. Experience with regulatory compliance controls. GxP and SOX are preferred. Familiarity with relevant security frameworks and compliance standards (NIST CSF, ISO 27001, HIPAA, GDPR, etc.) is a plus. Must be onsite at least 3 days a week.
Does this sound like you? Apply now to take your first step towards living the Regeneron Way! We have an inclusive and diverse culture that provides comprehensive benefits, which often include (depending on location) health and wellness programs, fitness centers, equity awards, annual bonuses, and paid time off for eligible employees at all levels!
Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, membership of the Traveler community, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or parental status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations. The Company will also provide reasonable accommodation to the known disabilities or chronic illnesses of an otherwise qualified applicant for employment, unless the accommodation would impose undue hardship on the operation of the Company's business.
For roles in which the hired candidate will be working in the U.S., the salary ranges provided are shown in accordance with U.S. law and apply to U.S.-based positions. For roles which will be based in Japan and/or Canada, the salary ranges are shown in accordance with the applicable local law and currency. If you are outside the U.S., Japan or Canada, please speak with your recruiter about salaries and benefits in your location.
Please note that certain background checks will form part of the recruitment process. Background checks will be conducted in accordance with the law of the country where the position is based, including the type of background checks conducted. The purpose of carrying out such checks is for Regeneron to verify certain information regarding a candidate prior to the commencement of employment such as identity, right to work, educational qualifications etc.
Salary Range (annually)
$145,400.00 - $237,200.00